mojodna-oauth 0.3.2.2 → 0.3.3

data/History.txt

@@ -1,10 +1,13 @@
-== 0.3.3 / 0.4.0
+== 0.3.3 2009-05-04
 
 * Corrected OAuth XMPP namespace (Seth)
 * Improved error handling for invalid Authorization headers (Matt Sanford)
 * Fixed signatures for non-ASCII under $KCODE other than 'u' (Matt Sanford)
 * Fixed edge cases in ActionControllerRequestProxy where params were being
   incorrectly signed (Marcos Wright Kuhns)
+* Support for arguments in OAuth::Consumer#get_access_token (Matt Sanford)
+* Add gem version to user-agent header (Matt Sanford)
+* Handle input from aggressive form encoding libraries (Matt Wood)
 
 == 0.3.2 2009-03-23
 

data/TODO

@@ -27,6 +27,5 @@ the pre-release checks to make sure that there have been no regressions.
 Random TODOs:
 * finish CLI
 * sensible Exception hierarchy
-* User Agent
 * Tokens as Modules
 * don't tie to Net::HTTP

data/bin/oauth

@@ -1,4 +1,4 @@
-#!/usr/bin/env ruby
+#!/usr/bin/env ruby -w -rubygems
 
 require "oauth/cli"
 

data/lib/oauth/client/action_controller_request.rb

@@ -34,6 +34,7 @@ module ActionController
       return unless ActionController::TestRequest.use_oauth? && @oauth_options
 
       @oauth_helper = OAuth::Client::Helper.new(self, @oauth_options.merge(:request_uri => request_uri))
+      @oauth_helper.amend_user_agent_header(env)
 
       self.send("set_oauth_#{@oauth_options[:scheme]}")
     end

data/lib/oauth/client/helper.rb

@@ -50,6 +50,15 @@ module OAuth::Client
                                                          :parameters => oauth_parameters}.merge(extra_options) )
     end
 
+    def amend_user_agent_header(headers)
+      @oauth_ua_string ||= "OAuth gem v#{OAuth::VERSION}"
+      if headers['User-Agent']
+        headers['User-Agent'] += " (#{@oauth_ua_string})"
+      else
+        headers['User-Agent'] = @oauth_ua_string
+      end
+    end
+
     def header
       parameters = oauth_parameters
       parameters.merge!('oauth_signature' => signature(options.merge(:parameters => parameters)))

data/lib/oauth/client/net_http.rb

@@ -7,6 +7,14 @@ class Net::HTTPRequest
 
   attr_reader :oauth_helper
 
+  # Add the OAuth information to an HTTP request. Depending on the <tt>options[:scheme]</tt> setting
+  # this may add a header, additional query string parameters, or additional POST body parameters.
+  # The default scheme is +header+, in which the OAuth parameters as put into the +Authorization+
+  # header.
+  #
+  # This method also modifies the <tt>User-Agent</tt> header to add the OAuth gem version.
+  #
+  # See Also: {OAuth core spec version 1.0, section 5.4.1}[http://oauth.net/core/1.0#rfc.section.5.4.1]
   def oauth!(http, consumer = nil, token = nil, options = {})
     options = { :request_uri      => oauth_full_request_uri(http),
                 :consumer         => consumer,
@@ -17,9 +25,17 @@ class Net::HTTPRequest
                 :timestamp        => nil }.merge(options)
 
     @oauth_helper = OAuth::Client::Helper.new(self, options)
+    @oauth_helper.amend_user_agent_header(self)
     self.send("set_oauth_#{options[:scheme]}")
   end
 
+  # Create a string suitable for signing for an HTTP request. This process involves parameter
+  # normalization as specified in the OAuth specification. The exact normalization also depends
+  # on the <tt>options[:scheme]</tt> being used so this must match what will be used for the request
+  # itself. The default scheme is +header+, in which the OAuth parameters as put into the +Authorization+
+  # header.
+  #
+  # See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1]
   def signature_base_string(http, consumer = nil, token = nil, options = {})
     options = { :request_uri      => oauth_full_request_uri(http),
                 :consumer         => consumer,

data/lib/oauth/helper.rb

@@ -5,20 +5,32 @@ module OAuth
   module Helper
     extend self
 
+    # Escape +value+ by URL encoding all non-reserved character. 
+    #
+    # See Also: {OAuth core spec version 1.0, section 5.1}[http://oauth.net/core/1.0#rfc.section.5.1]
     def escape(value)
       URI::escape(value.to_s, OAuth::RESERVED_CHARACTERS)
     end
 
+    # Generate a random key of up to +size+ bytes. The value returned is Base64 encoded with non-word
+    # characters removed.
     def generate_key(size=32)
       Base64.encode64(OpenSSL::Random.random_bytes(size)).gsub(/\W/, '')
     end
 
     alias_method :generate_nonce, :generate_key
 
-    def generate_timestamp
+    def generate_timestamp #:nodoc:
       Time.now.to_i.to_s
     end
 
+    # Normalize a +Hash+ of parameter values. Parameters are sorted by name, using lexicographical
+    # byte value ordering. If two or more parameters share the same name, they are sorted by their value.
+    # Parameters are concatenated in their sorted order into a single string. For each parameter, the name
+    # is separated from the corresponding value by an "=" character, even if the value is empty. Each
+    # name-value pair is separated by an "&" character.
+    #
+    # See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1]
     def normalize(params)
       params.sort.map do |k, values|
 
@@ -33,7 +45,14 @@ module OAuth
       end * "&"
     end
 
-    # Parse an Authorization / WWW-Authenticate header into a hash
+    # Parse an Authorization / WWW-Authenticate header into a hash. Takes care of unescaping and
+    # removing surrounding quotes. Raises a OAuth::Problem if the header is not parsable into a
+    # valid hash. Does not validate the keys or values.
+    #
+    #   hash = parse_header(headers['Authorization'] || headers['WWW-Authenticate'])
+    #   hash['oauth_timestamp']
+    #     #=>"1234567890"
+    # 
     def parse_header(header)
       # decompose
       params = header[6,header.length].split(/[,=]/)
@@ -41,11 +60,12 @@ module OAuth
       # odd number of arguments - must be a malformed header.
       raise OAuth::Problem.new("Invalid authorization header") if params.size % 2 != 0
 
-      # strip and unescape
-      params.map! { |v| unescape(v.strip) }
-
-      # strip quotes
-      params.map! { |v| v =~ /^\".*\"$/ ? v[1..-2] : v }
+      params.map! do |v|
+        # strip and unescape
+        val = unescape(v.strip)
+        # strip quotes
+        val.sub(/^\"(.*)\"$/, '\1')
+      end
 
       # convert into a Hash
       Hash[*params.flatten]

data/lib/oauth/request_proxy/action_controller_request.rb

@@ -42,9 +42,9 @@ module OAuth::RequestProxy
 
       params.
         join('&').split('&').
-        reject { |kv| kv =~ /^oauth_signature=.*/}.
         reject(&:blank?).
-        map { |p| p.split('=').map{|esc| CGI.unescape(esc)} }
+        map { |p| p.split('=').map{|esc| CGI.unescape(esc)} }.
+        reject { |kv| kv =~ /^oauth_signature=.*/}
     end
 
   protected

data/lib/oauth/signature.rb

@@ -1,9 +1,13 @@
 module OAuth
   module Signature
+    # Returns a list of available signature methods
     def self.available_methods
       @available_methods ||= {}
     end
 
+    # Build a signature from a +request+.
+    #
+    # Raises UnknownSignatureMethod exception if the signature method is unknown.
     def self.build(request, options = {}, &block)
       request = OAuth::RequestProxy.proxy(request, options)
       klass = available_methods[(request.signature_method || "").downcase]
@@ -11,14 +15,19 @@ module OAuth
       klass.new(request, options, &block)
     end
 
+    # Sign a +request+
     def self.sign(request, options = {}, &block)
       self.build(request, options, &block).signature
     end
 
+    # Verify the signature of +request+
     def self.verify(request, options = {}, &block)
       self.build(request, options, &block).verify
     end
 
+    # Create the signature base string for +request+. This string is the normalized parameter information.
+    #
+    # See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1]
     def self.signature_base_string(request, options = {}, &block)
       self.build(request, options, &block).signature_base_string
     end

data/lib/oauth/tokens/request_token.rb

@@ -10,8 +10,8 @@ module OAuth
     end
 
     # exchange for AccessToken on server
-    def get_access_token(options = {})
-      response = consumer.token_request(consumer.http_method, (consumer.access_token_url? ? consumer.access_token_url : consumer.access_token_path), self, options)
+    def get_access_token(options = {}, *arguments)
+      response = consumer.token_request(consumer.http_method, (consumer.access_token_url? ? consumer.access_token_url : consumer.access_token_path), self, options, *arguments)
       OAuth::AccessToken.from_hash(consumer, response)
     end
 

data/lib/oauth/version.rb

@@ -1,3 +1,3 @@
 module OAuth #:nodoc:
-  VERSION = '0.3.2.2'
+  VERSION = '0.3.3'
 end

data/oauth.gemspec

@@ -2,11 +2,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{oauth}
-  s.version = "0.3.2.2"
+  s.version = "0.3.3"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Pelle Braendgaard", "Blaine Cook", "Larry Halff", "Jesse Clark", "Jon Crosby", "Seth Fitzsimmons"]
-  s.date = %q{2009-03-23}
+  s.authors = ["Pelle Braendgaard", "Blaine Cook", "Larry Halff", "Jesse Clark", "Jon Crosby", "Seth Fitzsimmons", "Matt Sanford"]
+  s.date = %q{2009-05-04}
   s.default_executable = %q{oauth}
   s.description = %q{OAuth Core Ruby implementation}
   s.email = %q{oauth-ruby@googlegroups.com}

data/test/test_net_http_client.rb

@@ -1,5 +1,6 @@
 require File.dirname(__FILE__) + '/test_helper.rb'
 require 'oauth/client/net_http'
+require 'oauth/version'
 
 class NetHTTPClientTest < Test::Unit::TestCase
 
@@ -33,6 +34,23 @@ class NetHTTPClientTest < Test::Unit::TestCase
     assert_equal "OAuth oauth_nonce=\"225579211881198842005988698334675835446\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"token_411a7f\", oauth_timestamp=\"1199645624\", oauth_consumer_key=\"consumer_key_86cad9\", oauth_signature=\"26g7wHTtNO6ZWJaLltcueppHYiI%3D\", oauth_version=\"1.0\"".split(', ').sort, request['authorization'].split(', ').sort
   end
 
+  def test_that_version_is_added_to_existing_user_agent
+    request = Net::HTTP::Post.new(@request_uri.path)
+    request['User-Agent'] = "MyApp"
+    request.set_form_data( @request_parameters )
+    request.oauth!(@http, @consumer, @token, {:nonce => @nonce, :timestamp => @timestamp})
+
+    assert_equal "MyApp (OAuth gem v#{OAuth::VERSION})", request['User-Agent']
+  end
+
+  def test_that_version_is_set_when_no_user_agent
+    request = Net::HTTP::Post.new(@request_uri.path)
+    request.set_form_data( @request_parameters )
+    request.oauth!(@http, @consumer, @token, {:nonce => @nonce, :timestamp => @timestamp})
+
+    assert_equal "OAuth gem v#{OAuth::VERSION}", request['User-Agent']
+  end
+
   def test_that_using_get_params_works
     request = Net::HTTP::Get.new(@request_uri.path + "?" + request_parameters_to_s)
     request.oauth!(@http, @consumer, @token, {:scheme => 'query_string', :nonce => @nonce, :timestamp => @timestamp})

data/test/test_oauth_helper.rb

@@ -16,6 +16,13 @@ class TestOAuthHelper < Test::Unit::TestCase
     params = OAuth::Helper.parse_header(header)
 
     assert_equal "http://example.com/method", params['realm']
+    assert_equal "vince_clortho", params['oauth_consumer_key']
+    assert_equal "token_value", params['oauth_token']
+    assert_equal "HMAC-SHA1", params['oauth_signature_method']
+    assert_equal "signature_here", params['oauth_signature']
+    assert_equal "1240004133", params['oauth_timestamp']
+    assert_equal "nonce", params['oauth_nonce']
+    assert_equal "1.0", params['oauth_version']
   end
 
   def test_parse_header_ill_formed

data/website/index.html

@@ -33,7 +33,7 @@
     <h1>Ruby OAuth GEM</h1>
     <div id="version" class="clickable" onclick='document.location = "http://rubyforge.org/projects/oauth"; return false'>
       <p>Get Version</p>
-      <a href="http://rubyforge.org/projects/oauth" class="numbers">0.3.2</a>
+      <a href="http://rubyforge.org/projects/oauth" class="numbers">0.3.3</a>
     </div>
     <h2>What</h2>
 <p>This is a RubyGem for implementing both OAuth clients and servers in Ruby applications.</p>

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: mojodna-oauth
 version: !ruby/object:Gem::Version 
-  version: 0.3.2.2
+  version: 0.3.3
 platform: ruby
 authors: 
 - Pelle Braendgaard
@@ -10,11 +10,12 @@ authors:
 - Jesse Clark
 - Jon Crosby
 - Seth Fitzsimmons
+- Matt Sanford
 autorequire: 
 bindir: bin
 cert_chain: []
 
-date: 2009-03-23 00:00:00 -07:00
+date: 2009-05-04 00:00:00 -07:00
 default_executable: oauth
 dependencies: 
 - !ruby/object:Gem::Dependency